Determine 9 exhibits the layers of encapsulation concerned in each Zoom video and audio packets.

Figuring out AES Key Transmission

We subsequent sought out to find how the assembly’s AES-128 encryption key (conf.skey) was derived. We observed that earlier than the great amount of site visitors on UDP port 8801, there was some TLS site visitors between our laptop and Zoom servers. We arrange to intercept the TLS site visitors and configured the Zoom Linux shopper to route its TLS site visitors by means of mitmproxy.² Luckily, the Zoom shopper did seem to warn us that the pretend TLS certificates generated by mitmproxy had been untrusted. After we trusted the certificates, we noticed a collection of messages exchanged between our Zoom shopper and Zoom servers. In a single of the messages, the Zoom server despatched us the encryption key in Determine 10.